terokalpha

Run AI coding agents inside hardened containers.

Modern AI coding agents — Claude Code, Codex, Copilot, OpenCode and others — run in your shell with your privileges. A misbehaving or subverted agent has the same access to your filesystem, credentials, and network as you do. That footgun only gets sharper as agents get more capable and more autonomous.

terok orchestrates these agents inside per-task Podman containers with network egress filtered to a gated allowlist, git access brokered through a credential proxy, and SSH-signed commits attributable to both agent and human. A CLI (terok) and a Textual TUI (terok-tui) drive project and task lifecycles; the hardened runtime lives in terok-sandbox.

The project is in early development — expect sharp edges, breaking changes between versions, and a security model that is still maturing. If you are running agentic tooling and it is making you nervous, terok is the experiment you might want to follow.

View on GitHub →

Sibling packages

terok-executor · terok-sandbox · terok-shield · terok-dbus · mkdocs-terok